Enterprise clouds can provide solutions to enterprises using cloud computing and software as a service (SaaS) to distribute software on a subscription basis. For example, cloud computing company Salesforce.com® can host Customer Relationship Management (CRM)/Salesforce Automation applications and services offsite via a cloud. In another example, Google Inc. can host Google Docs™, which is a web-based word processor, spreadsheet, presentation, form, and data storage service, as a SaaS solution, via a cloud. Enterprises can use a variety of SaaS clouds to conduct their business. For example, enterprise users can access the Google Docs™ cloud for unstructured data and can access the Salesforce® cloud for CRM/Salesforce Automation services and applications.
Clouds can exchange protected resources directly amongst themselves on behalf of their users based on user privileges, which users can grant to resources hosted in their cloud accounts using a resource authorization protocol, such as an OAuth (Open Authentication) protocol. For example, a user can grant the Google Docs™ cloud access to his/her protected resources hosted by the Salesforce.com® cloud. The user can use the OAuth protocol to authorize sharing of their private resources stored in the Salesforce.com® cloud with the Google Docs™ cloud while avoiding to have to expose their Salesforce.com® cloud credentials, typically Salesforce.com® cloud username and password, to the Google Docs™ cloud. However, conventional environments where private resources are being shared between clouds over the OAuth protocol fail to provide Enterprise security administrators visibility as to what data is being shared, which users are authorizing the sharing, and which clouds are accessing the shared data. Enterprises may wish to prevent sensitive enterprise data from flowing from one cloud to another cloud, but are unable to because they are not aware of the cloud provider access transactions.
Some clouds use whitelists and blacklists to prevent sensitive data from being shared. However, such conventional solutions may not always offer the required agility to Enterprises. New SaaS clouds may surface, and new services within existing SaaS clouds continually become newly available. Thus, whitelists and blacklists are often outdated and may inadvertently allow sensitive enterprise data to be shared.